This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.

Subject Access Requests

The General Data Protection Regulations state that you have a right to access personal information that The Windmill Health Centre holds about you. There are three main areas of legislation that allow the right of the individual to request such personal information, and they are:

  •  The Data Protection Act 1998
  •  The Access to Health Records Act 1990
  •  The Medical Reports Act 1988

How do I requesting access the information you hold about me?

All requests must be in writing to the Data Controller at The Windmill Health Centre.

Verbal requests can be accepted where the individual is unable to put the request in writing – this must be noted on the patient record.

Proof of identity MUST be provided to satisfy the Data Controller and to enable them to locate the correct information.

Requests made on behalf of another, the Data Controller must be satisfied that correct and adequate consent has been provided.

The Data Controller needs to check whether the entire individual’s health record information is required or just certain information.

Where an information request has been previously fulfilled, the Data Controller does not have to honour the same request again unless a reasonable time-period has elapsed. It is up to the Data Controller to ascertain what constitutes as reasonable.

How long will it take to get my data?

Requests for health records information will be recorded internally and processed within 30 days (unless under exceptional circumstances – the applicant must be informed where a longer period is required).

Will I have to pay to access my data?

We do not charge for subject access requests

Will you object or restrict any information?

The Data Controller has the right to object or restrict the use of your personal information for the following reasons:

The information released may cause serious harm to the physical or mental health or condition of the individual or any other person.

The disclosure would also reveal information relating to or provided by a third person who has not consented to that disclosure.

A reason for denial of information does not have to be given to the individual, but must be recorded.

Can I access information about my children?

Parents will normally have parental responsibility for accessing the health records of their children

The Data Controller will need to obtain consent of the child where necessary (16 and 17 year olds are seen as adults in relation to confidentiality, and their consent would be necessary).

Children under 16 who have capacity and understanding for decision-making need to have their confidentiality respected.

Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website